
Hello Serge,

On Mon, 2014-03-24 at 22:21 -0500, Serge Hallyn wrote:
> Quoting Cédric Bosdonnat (cbosdonnat@suse.com):
> > See lp#1276719 for the bug description. As virt-aa-helper doesn't know
>
> Great, thanks for addressing this.
>
> > the VFIO groups to use for the guest,
>
> Is there really no way for it to know that (based on xml)? If not then I guess this is the way to go - though even in that case could we at least have virt-aa-helper only allow access to all vfio* only when vfio pci is required?

Sadly the vfio group is handled on the qemu side, there is nothing on the xml side. But I surely can change the patch to add the vfio rule to the *.files part of the profile and only when vfio is needed by the guest: that would restrain the access a bit.

--
Cedric